1 / 14

Model Information Security Planning By Mohammed Ashfaq Ahmed

Model Information Security Planning By Mohammed Ashfaq Ahmed. Adopt multilayered security model. Follow defense-in-depth strategy Defense-in-depth: design from inside out but tested from the outside in, Information lies at core and most reliable protection element lie close to it

jered
Download Presentation

Model Information Security Planning By Mohammed Ashfaq Ahmed

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Model Information Security PlanningBy Mohammed Ashfaq Ahmed

  2. Adopt multilayered security model • Follow defense-in-depth strategy Defense-in-depth: design from inside out but tested from the outside in, Information lies at core and most reliable protection element lie close to it Penetration of attackers occurs from outside in

  3. Seven layer security model… • It covers both the security of information as well as the security of the information system The layers of the model are • Information at the core • Cryptographic method layer • Verification and authentication layer • OS hardening layer • Information system architecture and design • Web services layer • The 8 ps of security layer

  4. Benefits of this model.. • vigorously protects information • Will slow down perpetrators as they attempt any attack • Discourage attackers • Assist in identification of hackers • Low cost and effective

  5. Information at the core.. Information reside at the core of the model • Why information at the core why not information system Reason.. The information system is too vast and cannot be narrowed sufficiently

  6. Information has many properties like disguise, protect, authenticate, test.. • The most important and interesting quality of information is changing state and still retaining all of its semantic value These factors allows us to effectively manage the information

  7. 2. Cryptographic method layer.. • It is the second layer and actually the most important from a security countermeasure point • It represents a formidable barrier that coats and protects information • It uses the properties of information

  8. Advantages.. • Cryptography disguises information • Cryptographic methods are extremely complex and require significant time and cost to break • it provides an elegant linkage to the authentication and verification layer • Cryptographic layers are many and varied

  9. 3.Authentication and verification layer.. • It is closely related to cryptographic layer • It has two distinct parts • The inner authentication and verification which pertains to the information exclusively Ex. Digital signatures, code signing, etc. • The outer half which provides an authentication and verification for the information system Ex. Password, access controls, etc

  10. Authentication is the process of determining if the information presented is real or fake • Authentication techniques usually take advantage of any of the following four factors to authenticate access to information • Possession factor: something you have that grant access to information ex: smartcard, token etc. • Biometric factor: something that you are that identifies you uniquely ex: finger print, face print, DNA etc.

  11. 3. Knowledge factor: something you know that is secret Ex. Password, username etc. 4. Integrity factor: something that allows the authentication routines to authenticate your actions after you are admitted access Ex. Message authentication code( mac’s)

  12. Authentication techniques can be used either directly with information or as a part of information system Verification is the one-to-one process of matching the user by name against an authentication template, maintained by trusted third party and provide the authentication status

  13. My Question……?

  14. Answer • The model is design from the inside out and tested from outside in. It mean that information is at the core to the model ant the most reliable protection elements of the plan are placed closest to it. penetration by attackers occurs from outside in, this concept is known as defense in depth.

More Related